github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 18:00:08 +00:00
Code Issues Projects Releases Wiki Activity

Clean up and restructure.

Browse Source
This commit is contained in:
Nathan Button 2017-05-03 13:51:58 -06:00
parent ddaac519dc
commit 06779586cd
1 changed files with 44 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
pkg/cloudprovider/providers/aws/aws.go
View File

@ -2729,52 +2729,55 @@ func (c *Cloud) EnsureLoadBalancer(clusterName string, apiService *v1.Service, n
// Create a security group for the load balancer // Create a security group for the load balancer
var securityGroupID string var securityGroupID string
if c.cfg.Global.ElbSecurityGroup != "" { {
securityGroupID = c.cfg.Global.ElbSecurityGroup if c.cfg.Global.ElbSecurityGroup != "" {
} else { securityGroupID = c.cfg.Global.ElbSecurityGroup
sgName := "k8s-elb-" + loadBalancerName } else {
sgDescription := fmt.Sprintf("Security group for Kubernetes ELB %s (%v)", loadBalancerName, serviceName)
securityGroupID, err = c.ensureSecurityGroup(sgName, sgDescription)
if err != nil {
glog.Error("Error creating load balancer security group: ", err)
return nil, err
}
ec2SourceRanges := []*ec2.IpRange{} sgName := "k8s-elb-" + loadBalancerName
for _, sourceRange := range sourceRanges.StringSlice() { sgDescription := fmt.Sprintf("Security group for Kubernetes ELB %s (%v)", loadBalancerName, serviceName)
ec2SourceRanges = append(ec2SourceRanges, &ec2.IpRange{CidrIp: aws.String(sourceRange)}) securityGroupID, err = c.ensureSecurityGroup(sgName, sgDescription)
} if err != nil {
glog.Error("Error creating load balancer security group: ", err)
permissions := NewIPPermissionSet() return nil, err
for _, port := range apiService.Spec.Ports {
portInt64 := int64(port.Port)
protocol := strings.ToLower(string(port.Protocol))
permission := &ec2.IpPermission{}
permission.FromPort = &portInt64
permission.ToPort = &portInt64
permission.IpRanges = ec2SourceRanges
permission.IpProtocol = &protocol
permissions.Insert(permission)
}
// Allow ICMP fragmentation packets, important for MTU discovery
{
permission := &ec2.IpPermission{
IpProtocol: aws.String("icmp"),
FromPort: aws.Int64(3),
ToPort: aws.Int64(4),
IpRanges: []*ec2.IpRange{{CidrIp: aws.String("0.0.0.0/0")}},
} }
permissions.Insert(permission) ec2SourceRanges := []*ec2.IpRange{}
} for _, sourceRange := range sourceRanges.StringSlice() {
ec2SourceRanges = append(ec2SourceRanges, &ec2.IpRange{CidrIp: aws.String(sourceRange)})
}
_, err = c.setSecurityGroupIngress(securityGroupID, permissions) permissions := NewIPPermissionSet()
if err != nil { for _, port := range apiService.Spec.Ports {
return nil, err portInt64 := int64(port.Port)
protocol := strings.ToLower(string(port.Protocol))
permission := &ec2.IpPermission{}
permission.FromPort = &portInt64
permission.ToPort = &portInt64
permission.IpRanges = ec2SourceRanges
permission.IpProtocol = &protocol
permissions.Insert(permission)
}
// Allow ICMP fragmentation packets, important for MTU discovery
{
permission := &ec2.IpPermission{
IpProtocol: aws.String("icmp"),
FromPort: aws.Int64(3),
ToPort: aws.Int64(4),
IpRanges: []*ec2.IpRange{{CidrIp: aws.String("0.0.0.0/0")}},
}
permissions.Insert(permission)
}
_, err = c.setSecurityGroupIngress(securityGroupID, permissions)
if err != nil {
return nil, err
}
} }
} }
securityGroupIDs := []string{securityGroupID} securityGroupIDs := []string{securityGroupID}